Identity and access management (IAM) refers to the processes, technologies, and policies for managing digital identities and controlling how those identities can be used to access resources. For large business entities with thousands of employees and complex computer systems, IAM can be a challenge.
As personnel join, leave, and move throughout the enterprise, access rights to various computing resources may need to be updated, e.g., to add, remove, or modify access rights. Furthermore, periodic access reviews may need to be performed to ensure that access rights for personnel do not exceed the scope of their authority. In other words, access reviews may be used to determine whether employees can access only those resources necessary to perform their job duties. Moreover, it may also be important to ensure personnel are not provided with incompatible access rights—combinations of access rights that would allow personnel to carry out incompatible tasks.
To ensure that computing systems remain secure, reviews of access rights may be performed periodically. In some organizations, however, access reviews may involve hundreds of thousands of access rights. Reviewing such a large volume of access rights on a regular basis may strain the available resources of that organization. Therefore, a need exists for improved approaches to identity and access management.